While recently working on a related incident, I noticed that a lot of folks are getting issues with the usage of CertCheckMode=4 (MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME) in IIS6. This feature is supposed to allow frequent CRL refresh per IIS documentation...